<?php
	//print_r($_POST);
	include_once "../config.inc.php";
	include_once '../test_swiftmail.php';
	
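	// Action code posted by the client; an absent or empty value selects no action.
	$eve = empty($_POST['eve']) ? 0 : $_POST['eve'];
	// 1. Login: check the captcha first, then the credentials.
	// Responses: eve=2 wrong captcha, eve=1 logged in, eve=0 bad credentials.
	if($eve == 1){
		// Normalise both captcha values to strings so the comparison below can be
		// strict; loose == treats different numeric-looking strings as equal.
		$ucode = (isset($_POST['ucode']) && is_string($_POST['ucode'])) ? $_POST['ucode'] : '';
		$sessionCode = (isset($_SESSION['ucode']) && is_scalar($_SESSION['ucode'])) ? (string) $_SESSION['ucode'] : '';
		if(strlen($ucode) != 4 || $sessionCode === '' || $ucode !== $sessionCode){
			echo '({"eve":"2"})';
			die();
		}
		// NOTE(review): the captcha stays valid after a failed login, so one solved
		// captcha covers any number of password attempts. Making it single-use needs
		// the client to reload the image after each attempt - confirm and change together.

		// Only plain strings are accepted; an array-valued field would otherwise
		// reach md5() and raise a warning or TypeError instead of a clean failure.
		$uname = (isset($_POST['uname']) && is_string($_POST['uname'])) ? $_POST['uname'] : null;
		$upwd = (isset($_POST['upwd']) && is_string($_POST['upwd'])) ? $_POST['upwd'] : null;

		$arr = false;
		if($uname !== null && $upwd !== null){
			// NOTE(review): passwords are stored as unsalted MD5. Moving to
			// password_hash()/password_verify() needs a coordinated migration of the
			// stored values and of every other writer of upwd, so it is flagged here
			// rather than changed in place.
			$stmt = $pdo->prepare('select * from kp_usr where uname=? and upwd=?');
			$stmt->execute(array($uname, md5($upwd)));
			$arr = $stmt->fetch(PDO::FETCH_ASSOC);
		}
		if($arr){
			// Issue a fresh session id at the privilege change so an id that was
			// known before login cannot be reused afterwards (session fixation).
			if(session_status() === PHP_SESSION_ACTIVE && !headers_sent()){
				session_regenerate_id(true);
			}
			// NOTE(review): this replaces the whole session with the database row,
			// which includes the upwd hash. Other pages may read these keys, so the
			// shape is kept; consider storing only the fields that are needed.
			$_SESSION = $arr;
			echo '({"eve":"1"})';
		}else{
			echo '({"eve":"0"})';
		}
	}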
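	// 2. Registration submitted together with the captcha (the original note says
	// this path is not currently in use).
	// Responses: eve=0 wrong captcha, eve=2 user exists, eve=1 registered, eve=3 failed.
	if($eve == 2){
		// Strict string comparison; see the length check for the expected 4 characters.
		$ucode = (isset($_POST['ucode']) && is_string($_POST['ucode'])) ? $_POST['ucode'] : '';
		$sessionCode = (isset($_SESSION['ucode']) && is_scalar($_SESSION['ucode'])) ? (string) $_SESSION['ucode'] : '';
		if(strlen($ucode) != 4 || $sessionCode === '' || $ucode !== $sessionCode){
			die('({"eve":"0"})');// wrong captcha
		}
		// NOTE(review): the captcha is not invalidated after use, so one solved
		// captcha can back many registrations; make it single-use together with
		// the client code that reloads the image.

		// User name and password are required non-empty strings. The original
		// comment admits no filtering was done; an array-valued field would have
		// reached md5() or the bound parameters unchecked.
		$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
		$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
		if($username === '' || $password === ''){
			die('({"eve":"3"})');// registration failed
		}
		// E-mail and sex stay optional as before, but must be plain strings when sent.
		$email = null;
		$sex = null;
		if(isset($_POST['email'])){
			if(!is_string($_POST['email'])){
				die('({"eve":"3"})');
			}
			$email = $_POST['email'];
		}
		if(isset($_POST['sex'])){
			if(!is_string($_POST['sex'])){
				die('({"eve":"3"})');
			}
			$sex = $_POST['sex'];
		}

		// fetch() is used instead of rowCount(): PDO does not guarantee a row
		// count for SELECT statements on every driver.
		$stmt = $pdo->prepare("select * from kp_usr where uname = ?");
		$stmt->execute(array($username));
		if($stmt->fetch(PDO::FETCH_ASSOC) !== false){
			die('({"eve":"2"})');// user already exists
		}
		// NOTE(review): the existence check and the insert are not atomic; only a
		// UNIQUE index on kp_usr.uname (not visible from this file) prevents
		// duplicates under concurrent requests.
		// NOTE(review): unsalted MD5 is kept only for compatibility with the
		// stored hashes; plan a migration to password_hash().
		$stmt = $pdo->prepare("insert into kp_usr(uname,upwd,email,sex) values(?,?,?,?)");
		$flag = $stmt->execute(array($username, md5($password), $email, $sex));
		if($flag){
			die('({"eve":"1"})');// registered
		}else{
			die('({"eve":"3"})');// registration failed
		}
	}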
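	// 3. Password recovery, step 1: match account name and e-mail, then return
	// the account's security question and remember the row in the session.
	if($eve == 3){
		// Both codes must be present and identical. The original loose != also
		// passed when neither the request nor the session carried a code, so the
		// captcha was not enforced for a session that had never been issued one.
		$ucode = (isset($_POST['ucode']) && is_string($_POST['ucode'])) ? $_POST['ucode'] : '';
		$sessionCode = (isset($_SESSION['ucode']) && is_scalar($_SESSION['ucode'])) ? (string) $_SESSION['ucode'] : '';
		if($ucode === '' || $sessionCode === '' || $ucode !== $sessionCode){
			die('({"eve":"0","data":"错误:验证码不正确!"})');
		}
		// Non-string input is treated as "no match" rather than bound to the query.
		$uname = (isset($_POST['uname']) && is_string($_POST['uname'])) ? $_POST['uname'] : null;
		$uemail = (isset($_POST['uemail']) && is_string($_POST['uemail'])) ? $_POST['uemail'] : null;
		$arr = false;
		if($uname !== null && $uemail !== null){
			$stmt = $pdo->prepare('select uid,uname,email,help,helpok from kp_usr where uname=? and email=?');
			$stmt->execute([$uname, $uemail]);
			// The fetched row decides the outcome; rowCount() is not reliable for
			// SELECT statements on every PDO driver.
			$arr = $stmt->fetch(PDO::FETCH_ASSOC);
		}
		if($arr === false){
			echo '({"eve":"0","data":"错误:帐号与邮箱不匹配!"})';
		}else{
			$_SESSION['userhelp'] = $arr;
			// Stage marker: 1 = account matched, security answer not yet verified.
			$_SESSION['userhelp']['ok'] = 1;
			// The question text is user-supplied data from the database; encode it
			// instead of concatenating it, so quotes or markup in it cannot break
			// out of the string in the response.
			$help = json_encode((string) $arr['help'], JSON_UNESCAPED_UNICODE | JSON_HEX_TAG | JSON_HEX_AMP);
			if($help === false){
				$help = '""';
			}
			echo '({"eve":"1","data":'.$help.'})';
		}
	}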
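	// 4. Password recovery, step 2: verify the answer to the security question
	// against the row stored in the session by step 1.
	if($eve == 4){
		// Both codes must be present and identical; loose != also passed when
		// neither side carried a code.
		$ucode = (isset($_POST['ucode']) && is_string($_POST['ucode'])) ? $_POST['ucode'] : '';
		$sessionCode = (isset($_SESSION['ucode']) && is_scalar($_SESSION['ucode'])) ? (string) $_SESSION['ucode'] : '';
		if($ucode === '' || $sessionCode === '' || $ucode !== $sessionCode){
			die('({"eve":"0","data":"错误:验证码不正确!"})');
		}
		$userhelp = (isset($_SESSION['userhelp']) && is_array($_SESSION['userhelp'])) ? $_SESSION['userhelp'] : array();
		$expected = (isset($userhelp['helpok']) && is_scalar($userhelp['helpok'])) ? (string) $userhelp['helpok'] : '';
		$answer = (isset($_POST['uhelpok']) && is_string($_POST['uhelpok'])) ? $_POST['uhelpok'] : '';
		// Step 1 must have stored an account, and the account must have a
		// non-empty stored answer. With the original loose != an absent answer
		// compared equal to an absent or NULL stored value and the step passed.
		if(empty($userhelp['uid']) || $expected === '' || $answer !== $expected){
			die('({"eve":"0","data":"错误:提示问题答案不正确!"})');
		}
		// NOTE(review): nothing limits the number of answer attempts while the
		// same captcha stays valid; add a per-session attempt counter or make the
		// captcha single-use together with the client.
		// Stage marker: 2 = security answer verified, password change allowed.
		$_SESSION['userhelp']['ok'] = 2;
		$uid = json_encode((string) $userhelp['uid']);
		if($uid === false){
			$uid = '""';
		}
		echo '({"eve":"1","data":'.$uid.'})';
	}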
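	// 5. Password recovery, final step: set the new password for the account
	// held in $_SESSION['userhelp'].
	if($eve == 5){
		$userhelp = (isset($_SESSION['userhelp']) && is_array($_SESSION['userhelp'])) ? $_SESSION['userhelp'] : array();
		$pwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';
		// The original only checked that uid was present, which is already true
		// after the account/e-mail match in step 1; the stage marker set once the
		// security answer has been verified (ok = 2) was never consulted.
		// NOTE(review): if another page (for example the e-mailed link handler,
		// not visible here) also fills $_SESSION['userhelp'], it must set ok = 2.
		$verified = !empty($userhelp['uid']) && isset($userhelp['ok']) && $userhelp['ok'] == 2;
		// An absent or empty password is rejected instead of being hashed and stored.
		if($verified && $pwd !== ''){
			// NOTE(review): unsalted MD5 is kept only for compatibility with the
			// stored hashes; plan a migration to password_hash().
			$stmt = $pdo->prepare('update kp_usr set upwd = ? where uid = ?');
			$flag = $stmt->execute([md5($pwd), $userhelp['uid']]);
			if($flag){
				// Encode the user name rather than concatenating it into the response.
				$uname = json_encode(isset($userhelp['uname']) ? (string) $userhelp['uname'] : '', JSON_UNESCAPED_UNICODE | JSON_HEX_TAG | JSON_HEX_AMP);
				if($uname === false){
					$uname = '""';
				}
				echo '({"eve":"1","data":'.$uname.'})';
				// Clear the recovery state so the same session cannot set the password again.
				$_SESSION['userhelp'] = [];
			}else{
				echo '({"eve":"0","data":"数据操作失败,请联系管理员!"})';
			}
		}else{
			echo '({"eve":"0","data":"不能重复设置或进行非法操作!"})';
		}

	}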
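	// 6. Send the password-recovery e-mail to the address registered for the account.
	if($eve == 6){
		// Both codes must be present and identical; loose != also passed when
		// neither side carried a code.
		$ucode = (isset($_POST['ucode']) && is_string($_POST['ucode'])) ? $_POST['ucode'] : '';
		$sessionCode = (isset($_SESSION['ucode']) && is_scalar($_SESSION['ucode'])) ? (string) $_SESSION['ucode'] : '';
		if($ucode === '' || $sessionCode === '' || $ucode !== $sessionCode){
			die('({"eve":"0","data":"错误:验证码不正确!"})');
		}
		// Non-string input is treated as "no match" rather than bound to the query.
		$uname = (isset($_POST['uname']) && is_string($_POST['uname'])) ? $_POST['uname'] : null;
		$uemail = (isset($_POST['uemail']) && is_string($_POST['uemail'])) ? $_POST['uemail'] : null;
		$arr = false;
		if($uname !== null && $uemail !== null){
			$stmt = $pdo->prepare('select uid,uname,upwd,email,help,helpok from kp_usr where uname=? and email=?');
			$stmt->execute([$uname, $uemail]);
			// The fetched row decides the outcome; rowCount() is not reliable for
			// SELECT statements on every PDO driver.
			$arr = $stmt->fetch(PDO::FETCH_ASSOC);
		}
		if($arr === false){
			echo '({"eve":"0","data":"错误:帐号与邮箱不匹配!"})';
		}else{
			// The link carries: user name + password + e-mail (each hashed) + timestamp.
			// NOTE(review): the link contains no random or server-secret component
			// and is derived from the stored password hash. A random single-use
			// token stored server-side with an expiry would be safer, but that
			// needs a matching change in password2.php, which is not visible here.

			// Keep only the path: REQUEST_URI also contains the query string, which
			// is request-controlled and must not end up in the mailed link.
			$uriParts = explode('?', $_SERVER["REQUEST_URI"], 2);
			// NOTE(review): SERVER_NAME can follow the request's Host header,
			// depending on the web server configuration; prefer a configured base URL.
			$url = 'http://'.$_SERVER['SERVER_NAME'].$uriParts[0];
			// Drop the script name, then one more path segment, as before.
			$base = dirname($url);
			$base = substr($base, 0, strripos($base, '/'));

			$link = $base.'/'.'password2.php?u='.md5($arr['uname']).'&e='.md5($arr['email']).'&p='.md5($arr['upwd']).'&t='.time();
			// Escape the URL for the HTML body so it is valid markup and nothing
			// in it can be interpreted as HTML by the mail client.
			$safeLink = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
			$content = '找回密码:<br /><a href="'.$safeLink.'">'.$safeLink.'</a><br />如上面链接无法点击,请复制到浏览器打开';
			sendMail('密码找回', $content, array($arr['email'] => '找密码'));
			// Encode the address rather than concatenating it into the response.
			$email = json_encode((string) $arr['email'], JSON_UNESCAPED_UNICODE | JSON_HEX_TAG | JSON_HEX_AMP);
			if($email === false){
				$email = '""';
			}
			echo '({"eve":"1","data":'.$email.'})';
		}
	}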
?>